While we can all rejoice that 2020 is over, cybersecurity experts agree we haven’t seen the last of the pandemic-related rise in cyberattacks. Throughout the last year, we’ve seen huge spikes in phishing, malicious domains, malware and more, and we don’t expect that to slow down. As employees around the world continue to work from home, 2021 is shaping up to be another year of record highs in terms of malicious online activity.
What is the cyber-demic?
Cybercriminals have always been opportunistic, taking advantage of all possible avenues that disrupt businesses, steal data, trick end users, and more to turn a profit. As the threat reports Webroot produces each year have shown — not to mention the increasing number of major hacks in the headlines — threats keep evolving, and their growth is often exponential. That means even before the pandemic, cyberattacks and resulting data loss were already becoming a case of “when,” not “if.”
Still, the COVID-19 pandemic brought unprecedented surges in threat activity as cybercriminals capitalized on chaos and security gaps caused by the switch to WFH. Particularly by targeting vaccine production and distribution, COVID-19 trackers, videoconference applications, and other pandemic-related topics in their scams, criminals have upped the ante on what would have already been a record year; hence “cyber-demic.”
What types of malicious activities should we expect?
“It’s all about data,” says Matt Seeley, senior solutions consultant at Carbonite + Webroot, OpenText companies.
“Whether you’re a business or an individual at home, your data is important to you. Not having access to corporate data can put companies out of business. Not having access to your personal files can also have devastating consequences. The scammers know how important data is. That’s why stealing it, misusing it, holding it for ransom, or threatening it in some other way is such an effective way to get what they want – i.e., the money.”– Matt Seeley, sr. solutions consultant, Carbonite + Webroot, OpenText companies
Recent trends in ransomware back up these insights. Thought to be pioneered by the Maze ransomware group, a new tactic emerged in 2020 in which ransomware authors changed their business model. Instead of infiltrating systems to encrypt data and demand a ransomware to unlock it, they instead encrypted the data and further incentivized ransom payment by threatening to expose that data if the victim chose not to pay. Using leak/auction websites, criminals can display or auction off victim’s data to the highest bidder; the cake-topper here is that organizations that are subject to privacy regulations, such as GDPR, PCI, etc., would also have to pay the fines associated with improperly securing sensitive data.
Additionally, the modular nature of modern malware means many malware groups are teaming up to increase their chances of a successful payday. For example, a phishing email might drop a botnet/Trojan that listens for domain credentials. Once the criminals have domain credentials, they can disable security and/or tamper with backups. That way, when they eventually drop ransomware, businesses may have no choice but to pay, since their backups are also compromised.
How IT will Prevail in 2021
“The answer, once again, is data,” says Seeley, “though, in this case, it’s part of overall cyber fitness. If your data isn’t secured, properly segmented, backed up and tested, then 2021 is likely to be a bad year.”
Stressing the need to combine comprehensive cybersecurity layers with proven backup and disaster recovery solutions, Seeley explains, “To bring your cyber fitness up and become more resilient, I recommend businesses start off by assuming they will definitely get breached this year, even if they’ve been lucky and have never been breached before. Once you accept that as your foundation, you can prepare for it. It’s that preparation that’s going to be key.”
Here are his top 3 tips for businesses to stay safe.
- Know your data.
“This is the #1 most important advice I can offer. You can’t secure data if you don’t know where it lives or how important it is. The folks who don’t know their data, who don’t know all the places it resides, how up-to-date it is, or what kind of security it needs, are the ones who are going to suffer the worst if they get attacked or experience some kind of physical damage, like hardware failure or a natural disaster. They’re the ones who, even if they have backups in place, will go to restore their data and realize they don’t have the right information after all. You don’t want to have to learn that the hard way.”
- Classify your data.
“This is part of knowing your data. If you accept that the data breach is going to happen sooner or later, then you need to know which data is mission-critical to get through your day, vs. other historical data that is nice to have, but won’t make or break your business if you lose access for a little while. Once you know the timing of which systems and data need to be available this second and which ones can wait a few days or weeks, you can properly plan your disaster recovery strategy and choose the right backup solutions and schedules.”
- Test your data recovery plan.
“The biggest obstacle to your cyber fitness is overconfidence. Just because you have antivirus and backups doesn’t guarantee your protections will be there and functional when you need them. Bad actors are going to keep getting craftier. They’re going to keep finding new ways to target data. You need to regularly monitor and test your backup and disaster recovery strategy to ensure that your data is exactly as safe and available as you need it to be.”
For more details on stress testing your disaster recovery plan, read his blog on the subject.
While these tips apply more to businesses than home users, Seeley says the same fundamental principles apply to anyone. “Think about all the data you could lose if your personal computer crashed right now and the hard drive died. Do you have it backed up? Are those backups secure? Do you know all the places your data lives? Do you have protection for it? Whether you’re a business, an MSP, a regular person at home, a student… These are the types of questions we should all be asking ourselves, so we can all be more resilient in this cyber-demic.”